This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User Portal disabled across multiple XG firewalls by CLI user

This morning we found many of our XG firewalls had the User Portal disabled on the WAN zone, causing problems for users trying to download the VPN client while working remotely. Anyone else experience this issue? How are you providing users with the ability to download the VPN client when they are not in the office?



This thread was automatically locked due to age.
Parents
  • Hi S248

    As a general best security practice to reduce attack surface wherever possible, Sophos recommends disabling any unused services on the WAN interface.

    Until recently, the user portal was enabled on the WAN interface by default for XG firewall. From v17.5 MR12 and v18 MR1 the default value was changed from enabled to disabled for the brand new installs. For any customer upgrading an existing deployment to these releases (or later), the current settings remained unchanged.

    In a recent hotfix, Sophos performed a one-time update to disable the User Portal on the WAN interface if it was not actively being used by customers. This determination was made on-box.

    If it has been disabled, and you actively need/use it, please enable it and it will remain enabled.

  • We're also starting to see our customer's XGs disable the User Portal for deployments that do use this. Do you know how are Sophos working this out to then apply this change?

Reply Children
No Data